Customer distress assistance

ABSTRACT

Disclosed aspects and embodiments pertain to customer distress assistance. A call can be detected to a callee from a caller. The call can be analyzed and determined to be a fraud or spam risk. In response, callee monitoring is triggered. The monitoring can capture biometrics or speech of the callee. Distress in the callee can be determined through analysis of the biometrics or speech and comparison to reference biometrics or speech of the callee. An individual associated with the callee can be selected based on determining the distress in the customer. The individual can be contacted through a notification or a call to assist the callee in distress.

BACKGROUND

Receiving a call from a fraudster or scammer can leave a receiver orcallee feeling harassed or distressed. Frequently, the receiver ispressured to a point where the callee feels physically andpsychologically distressed. In particular, the callee may revealpersonal information such as financial accounts at a financialinstitution, social security numbers, personal identification numbers,or the like, leading them to feel considerable distress.

BRIEF SUMMARY OF THE DESCRIPTION

The following presents a simplified summary to provide a basicunderstanding of some aspects of the disclosed subject matter. Thissummary is not an extensive overview. It is not intended to identifynecessary elements or delineate the scope of the claimed subject matter.Rather, this summary presents some concepts in a simplified form as aprelude to the more detailed description presented later.

According to one aspect, disclosed embodiments can include a system thatcomprises a processor coupled to a memory that includes instructionsthat, when executed by the processor, cause the processor to detect anincoming phone call, analyze a call conversation between a caller and acallee in real time with conversation analysis, classify the incomingphone call as a fraud risk based on the conversational analysis.Further, the instructions can cause the processor to trigger monitoringof a physical metric of the callee based on the classification of thefraud risk, compare the physical metric to a reference physical metricto determine a divergence between the physical metric and the referencephysical metric, detect a sign of distress of the callee based on thedivergence, select an individual associated with the callee afterdetection of the sign of distress, in which the individual is selectedbased on determining availability of a set of individuals, and send anotification in real time to the individual associated with the callee,wherein the notification reveals the sign of distress to the callee. Theinstructions can also cause the processor to collect biometric data froma sensor to monitor the physical metric. In addition, the instructionscan cause the processor to invoke a conversational model trained torecognize problem words and phrases with natural language processing toclassify the phone call as a fraud risk. The instructions can also causethe processor to detect the caller is originating from a blocklistsource and classify the incoming phone call as a fraud risk. Further,the instructions can cause the processor to access the contactinformation of the individual and automatically join the individual inthe phone call. The instructions can additionally cause the processor toactivate a security control for the phone call that is a fraud risk. Thesecurity controls can include at least one of mute, interrupt prompt,forced disconnect, or automated transfer of the phone call to theindividual. Furthermore, the instructions can cause the processor toaccess social media data of the individual to determine availability andcollect biometric data from a wearable device to monitor the physicalmetric.

In accordance with another aspect, disclosed embodiments can include amethod comprising executing, on a processor, instructions that cause theprocessor to perform operations. The operations include detecting anincoming call, analyzing a conversation between a caller and a callee inreal time with conversation analysis, classifying the incoming call as afraud risk to a callee based on the conversation analysis, triggeringmonitoring of a physical metric of the callee in response toclassification of the incoming call as a fraud risk, and comparing thephysical metric to a reference physical metric to determine a divergencebetween the physical metric and the reference physical metric. Theoperations can further comprise detecting a sign of distress of thecallee based on the divergence, selecting an individual associated withthe callee after detection of the sign of distress, in which theindividual is selected from a set of available individuals associatedwith the callee, and transmitting a notification in real time to aselected individual that reveals the sign of distress of the callee. Inone instance, the monitoring can comprise collecting biometric data fromthe callee from a sensor, such as a sensor of a wearable device.Analyzing the conversation can also comprise invoking a conversationalmodel trained to recognize problem words and phrases with naturallanguage processing to classify the call as a fraud risk. The operationscan further comprise detecting the incoming call originates from asource that is on a blocklist of known fraudulent callers andclassifying the incoming call as fraudulent. Further, operation cancomprise determining availability of an individual based on social mediadata of the individual. The operations can also include accessingcontact information of the individual that is selected and joining theindividual to the call with the caller and callee. Furthermore, theoperations can comprise activating a security control for the calleethat blocks transactions to a financial account of the callee.

According to yet another aspect, disclosed embodiments can include amethod of distress assistance. The method can comprise detecting anincoming call with a call manager executing on a computing device,analyzing a conversation between a caller and callee in near real time,and classifying the incoming call as a spam risk based on conversationanalysis. The method can next comprise automatically triggering, by thecall manager, monitoring of a physical metric of the callee based on theclassification of the spam risk, detecting distress of the callee basedon divergence of the physical metric of the callee from a referencephysical metric, selecting an individual associated with the callee inresponse to detecting the distress, in which the individual is selectedbased on determining availability of a set of individuals, and sending anotification of the distress of the callee in near-real time to aselected individual. The act of analyzing the conversation can furthercomprise monitoring a voice characteristic of the callee, comparing thevoice characteristic of the callee to a voice profile characteristic ofthe callee, detecting a distress sentiment based on determining adifference between the voice characteristic and the voice profilecharacteristic, and identifying distress of the callee based on thedistress sentiment. Further, the method can comprise pausing theconversation between the caller and the callee and calling theindividual selected to provide assistance to the callee. The method canalso comprise activating a security control to at least one of mute,interrupt prompt, or forced disconnect of the call in response toclassification as a spam risk.

In aspects, the subject disclosure provides substantial benefits interms of distress assistance. One advantage resides in detectingdistress during a spam risk call. Another advantage resides in anautomatic process to assist in mitigating or eliminating distress.

To accomplish the foregoing and related ends, certain illustrativeaspects of the claimed subject matter are described herein in connectionwith the following description and the annexed drawings. These aspectsindicate various ways in which the subject matter may be practiced, allof which are intended to be within the scope of the disclosed subjectmatter. Other advantages and novel features may become apparent from thefollowing detailed description when considered in conjunction with thedrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the disclosure are understood from the following detaileddescription when read with the accompanying drawings. It will beappreciated that elements, structures, or the like of the drawings arenot necessarily drawn to scale. Accordingly, the dimensions of the samemay be arbitrarily increased or reduced for clarity of discussion, forexample.

FIG. 1 illustrates a high-level diagram of an example implementation.

FIG. 2 illustrates an example component diagram of a call manager.

FIG. 3 illustrates an example component diagram of an analysiscomponent.

FIG. 4 illustrates an example component diagram of a security component.

FIG. 5 illustrates a method for customer distress assistance.

FIG. 6 illustrates a computing environment where one or more of theprovisions set forth herein can be implemented, according to someembodiments.

DETAILED DESCRIPTION

Various aspects of the subject disclosure are now described in moredetail with reference to the annexed drawings, wherein like numeralsgenerally refer to like or corresponding elements throughout. In thefollowing description, for purposes of explanation, numerous specificdetails are set forth in order to provide a thorough understanding ofthe aspects of this disclosure. It may be evident, however, that theaspects can be practiced without these specific details. In otherinstances, well-known structures and devices are shown in block diagramform in order to facilitate clarity and understanding.

As used in this application, the terms “component”, “module,” “system”,“interface”, and the like are generally intended to refer to acomputer-related entity, either hardware, a combination of hardware andsoftware, software, or software in execution. For example, a componentmay be, but is not limited to being, a process running on a processor, aprocessor, an object, an executable, a thread of execution, a program,or a computer. By way of illustration, both an application running on acontroller and the controller can be a component. One or more componentscan reside within a process or thread of execution, and a component maybe localized on one computer or distributed between two or morecomputers.

Furthermore, the claimed subject matter can be implemented as a method,apparatus, or article of manufacture using standard programming orengineering techniques to produce software, firmware, hardware, or anycombination thereof to control a computer to implement the disclosedsubject matter. The term “article of manufacture” as used herein isintended to encompass a computer program accessible from anycomputer-readable device, carrier, or media. Of course, manymodifications may be made to this configuration without departing fromthe scope or spirit of the claimed subject matter.

Referring initially to FIG. 1 , a high-level overview of an exampleimplementation is depicted. A fraud or spam caller 110 can place a callto a customer or callee 120 through a customer device 130. The customerdevice 130 can be a mobile phone, personal computer, wearable device,Internet of Things device, and/or the like. The customer device 130 caninclude a call manager 140. The call manager 140 can monitor calls tothe customer device 130. The call manager 140 monitors calls to detect aspam risk call to the customer 120 on the customer device 130. The callmanager 140 can determine a spam risk call in real time or near realtime. For example, the spam caller 110 can call the customer 120, andthe call manager 140 can determine the call is a spam risk call whilethe call is being conducted between the spam caller 110 and the customer120.

In some embodiments, the call manager 140 trains a conversation model.The conversation model can analyze conversations in real time or nearreal time for problem words or phrases. The conversation model canclassify the call as a spam risk call upon detecting a problem word orphrase. For example, the call manager 140 can detect the phrase “I needyour bank account number.” The call manager 140, via the conversationmodel, can classify the call as a spam risk call based on the detectedphrase. In some embodiments, the call manager 140 can utilize a naturallanguage processing technique, a neural network, artificialintelligence, machine learning, and/or the like to detect the problemwords or phrases via the conversation model.

In some embodiments, the call manager 140 can detect a spam call riskvia determining the call source. The call manager 140 can determine thecall source and compare the call source to a list of blocklist sourcesof known spam callers or spam call originators. The call manager 140 canclassify the call as a spam risk call upon determining a match of thecall source and a listing of the blocklist sources.

The call manager 140 can trigger monitoring of the customer 120 based ondetection or classification of the spam risk call. The call manager 140can monitor physiological metrics, biometrics, physical metrics, and/orpsychological metrics of the customer 120, such as pulse, sweating,speech, loudness, other biometrics, and/or the like. In someembodiments, the call manager 140 can utilize readings of the customer120 via from the customer device 130. For example, the call manager 140can monitor rate of speech captured by the customer device 130 duringthe call to determine psychological distress of the customer 120. Inother embodiments, the call manager 140 can interface with a wearabledevice, an internet of things device, and/or the like to retrievephysical and/or psychological metrics of the customer 120. For example,the call manager 140 can interface with a smart ring worn on a finger ofthe customer 120 to retrieve pulse data. The call manager 140 candetermine an elevated pulse rate to determine whether the customer is indistress due to the spam risk call.

The call manager 140 can analyze captured or retrieved biometrics todetermine the customer 120 is distressed. The call manager 140 cancompare the biometrics to a reference biometric to determine anabnormality indicative of distress. For example, the call manager 140can detect a heart rate of 120 beats per minute in comparison to anormal resting heart rate of the customer 120 of 60 beats per minute.The call manager 140 can determine that the customer 120 is in distressbased on the comparison and a divergence of the heart rate from thenormal resting heart rate. In some embodiments, the call manager 140 candetermine a delta or change in biometrics to determine stress. Forexample, the call manager 140 can determine that the heart rate of thecustomer 120 is increasing by ten beats per minute since thecommencement of the call. The call manager 140 can compare the change toa threshold change to determine distress in the customer 120.

The call manager 140 can contact or organize contact with a user. Theuser can be a friend of the customer 120, an associate of the customer120, a medical professional, an emergency response person, lawenforcement, and/or the like. The call manager 140 can arrange contactwith the user based on the detection of distress of the customer 120. Insome embodiments, the call manager 140 determines the user from aplurality of users to contact. The call manager 140 can determine ortrain a selection model for determining which user to contact upondetecting distress of the customer 120. The selection model can betrained to select the user according to different constraints. Forexample, the selection model can select the user based on availability,time of day, day of week, distance, schedule, calendar entry, and/or thelike. For example, the selection model can access a calendar of apotential user and determine that the potential user has a presentappointment that could conflict with them helping the customer 120. Theselection model can determine a different user to contact based on thecalendar entry. In some embodiments, the selection model can followpredetermined business rules to select the user to contact. For example,a business rule can be to select the closest present distanced friend ofthe customer 120 to contact. In another example, a business rule can beto contact the local emergency medical service for a wellness check.

The call manager 140 can contact the user via a user device 150. Theuser device 150 can be a mobile phone, personal computer, wearabledevice, Internet of Things device, and/or the like associated with theuser. The call manager 140 can determine or access contact informationof the user. The call manager 140 can generate and send a notificationto the user device 150, implement a call to the user device 150, and/orthe like. For example, the call manager 140 can send an SMS text messageto the user device 150. The notification can include instructions forthe user to contact the customer 120. In some embodiments, the callmanager 140 can pause or hold the spam risk call and place a call to theuser device 150.

FIG. 2 illustrates a detailed component diagram of the call manager 140.The call manager 140 can include a detection component 210. Thedetection component 210 can monitor calls to the customer device 130.The detection component 210 monitors calls to detect a spam risk call tothe customer 120 on the customer device 130. The detection component 210can determine a spam risk call in real time or near real time. Forexample, the spam caller 110 can call the customer 120, and thedetection component 210 can determine the call is a spam risk call whilethe call is being conducted between the spam caller 110 and the customer120.

In some embodiments, the detection component 210 can detect a spam callrisk via determining the call source. The detection component 210 candetermine the call source and compare the call source to a list ofblocklist of sources that are known to be spam call originators. Thedetection component 210 can classify the call as a spam risk call upondetermining a match of the call source and a listing on the blocklist ofsources.

In some embodiments, the detection component 210 trains a conversationmodel. The conversation model can analyze conversations in real time ornear real time for problem words or phrases. The conversation model canclassify the call as a spam risk call upon detecting a problem word orphrase. For example, the detection component 210 can detect the phrase“I need your password.” The detection component 210 via the conversationmodel can classify the call as a spam risk call based on the detectedphrase. In some embodiments, the detection component 210 can utilizenatural language processing, a neural network, artificial intelligence,machine learning, and/or the like to detect the problem words or phrasesvia the conversation model.

The detection component 210 determines a conversation model based on ananalysis of previous spam risk calls. The detection component 210 cantrain the conversation model via words and/or phrases within a spam riskcall. The detection component 210 can utilize a machine learningtechnique to determine trends between words and/or phrases andclassifications of calls as spam risks. The model component learns fromexisting data to make predictions about spam risk calls to the customer120. The detection component 210 builds the conversation model from theprevious spam risk calls (e.g., “training data set”) in order to makedata-driven predictions or decisions expressed as outputs or assessmentsfor the customer 120. The detection component 210 can determine thetrends and/or correlations within previous spam risk calls. In someembodiments, the detection component 210 utilizes the machine learningtechnique to analyze the previous spam risk calls across differentcustomers to determine a conversation model based on correlations in theprevious spam risk calls.

In some embodiments, the detection component 210 trains the conversationmodel with previous spam risk calls and captured biometrics of thecustomer 120 and/or other customers. The conversation model candetermine correlations between words and/or phrases and abnormalbiometrics of the customer 120 to determine spam risk calls and/ordistress of the customer 120. For example, the phrase “What is yoursocial security number?” can be correlated with observed elevated heartrates. The conversation model can be trained to predict distress of thecustomer 120 on capturing the phrase in a present spam risk call.

The call manager 140 includes a monitoring component 220. The monitoringcomponent 220 can trigger monitoring of the customer 120 based ondetection or classification of the spam risk call. The monitoringcomponent 220 can monitor physical metrics and/or psychological metricsof the customer 120, such as pulse, sweating, speech, loudness, otherbiometrics, and/or the like. In some embodiments, the monitoringcomponent 220 can utilize readings of the customer 120 via the customerdevice 130. For example, the monitoring component 220 can monitor rateof speech captured by the customer device 130 during the call todetermine psychological distress of the customer 120. In otherembodiments, the monitoring component 220 can interface with a wearabledevice, an internet of things device, and/or the like to retrievephysical and/or psychological metrics of the customer 120. For example,the call manager 140 can interface with a smart watch worn on a wrist ofthe customer 120 to retrieve pulse data. The monitoring component 220can determine an elevated pulse rate to determine the customer 120 is indistress due to the spam risk call.

The call manager 140 includes an analysis component 230. The analysiscomponent 230 can analyze captured or retrieved biometrics to determinethe customer 120 is distressed. The analysis component 230 can comparethe biometrics to a reference biometric to determine an abnormalityindicative of distress. For example, the analysis component 230 candetect a heart rate of 125 beats per minute in comparison to a normalresting heart rate of the customer 120 of 60 beats per minute. Theanalysis component 230 can determine that the customer 120 is indistress based on the comparison and divergence of the heart rate fromthe normal resting heart rate. In some embodiments, the analysiscomponent 230 can determine a delta or change in biometrics to determinestress. For example, the analysis component 230 can determine that theheart rate of the customer 120 is increasing by ten beats per minutesince the commencement of the call. The analysis component 230 cancompare the change to a threshold change to determine distress in thecustomer 120.

The call manager 140 includes a security component 240. The securitycomponent 240 can contact or organize contact with the user. Thesecurity component 240 can arrange contact with the user based on thedetection of distress of the customer 120. In some embodiments, thesecurity component 240 determines the user from a plurality of users tocontact. In some embodiments, the security component 240 can determineor train a selection model for determining which user to contact upondetecting distress of the customer 120. The selection model can betrained to select the user according to different constraints. Forexample, the selection model can select the user based on availability,time of day, day of week, distance, schedule, calendar entry, socialmedia status, and/or the like. For example, the selection model canaccess a social media feed of a potential user and determine that thepotential user has a present status that could conflict with themhelping the customer 120. The selection model can determine a differentuser to contact based on the social media status that indicates the useris available or unavailable. For example, the security component 240 canaccess a social media feed of the customer 120 and/or the user. Thesecurity component 240 can determine location, availability, and/or thelike based on social media data of users associated with the customer120. For example, a user can post “Watching a movie at the movietheater.” The security component 240 can determine that the user is notavailable or too far away from the customer 120 to provide assistance tothe customer 120.

In some embodiments, the selection model can follow predeterminedbusiness rules to select the user to contact. For example, a businessrule can be to select the closest related relative of the customer 120to contact. In another example, a business rule can be to contact apsychologist associated with the customer 120. In other embodiments, theselection model can follow a prioritized list of users to assist thecustomer 120.

The security component 240 can contact the user via a user device 150.The security component 240 can generate and send a notification to theuser device 150, implement a call to the user device 150, and/or thelike. For example, the security component 240 can send a pushnotification to the user device 150. The notification can includeinstructions for the user to contact the customer 120. In someembodiments, the security component 240 can pause or hold the spam riskcall and place a call to the user device 150. In some embodiments, thesecurity component 240 can implement further security controls onto thespam risk call. The security controls can automatically mute thecustomer 120 and/or the spam caller 110, an audio or video interruptprompt via the customer device 130, a forced disconnect of the spam riskcall, an automated transfer of the spam risk call to the user,automatically teleconferencing the user to join the user to the spamrisk call, and/or the like. For example, the security component 240 canconnect the user via the user device 150 to the customer device 130 suchthat the user joins the spam risk call and provide assistance to thecustomer 120.

FIG. 3 illustrates a detailed component diagram of an analysis component230. The analysis component 230 includes a conversation component 310that can perform a conversation analysis. The conversation component 310can analyze an ongoing conversation or ongoing/incoming call between thecustomer 120 and the spam caller 110 on the spam risk call. Theconversation component 310 can analyze the voice of the customer 120 forsigns of distress. The conversation component 310 can analyze the voicefor behavioral patterns, speech patterns, a voice profile, a rate ofspeech, and/or the like. The conversation component 310 can compare thevoice to a reference voice or voice metrics to determine abnormal signsor a difference between them that can be attributed to distress of thecustomer 120. The conversation component 310 can compare the voice to aknown voice profile of the customer 120 that was captured innon-distressed time. In other embodiments, the conversation component310 can analyze the conversation to determine sentiment. Theconversation component 310 can determine a distress sentiment based onthe sentiment analysis for the customer 120. The conversation component310 can further determine and/or confirm the spam risk call bydetermining a negative sentiment or dishonest sentiment of the spamcaller 110.

The analysis component 230 can include a biometric component 320. Thebiometric component 320 can analyze captured or retrieved biometrics todetermine the customer 120 is distressed. The biometric component 320can compare the biometrics to a reference biometric to determine anabnormality indicative of distress (e.g., divergence or a differencebetween the biometrics and the reference biometric). For example, thebiometric component 320 can detect a skin moisture level in comparisonto a normal moisture level of the customer 120. The biometric component320 can determine that the customer 120 is in distress based on thecomparison and a divergence of the skin moisture level indicative ofperspiration from the normal moisture level. In some embodiments, thebiometric component 320 can determine a delta or change in biometrics todetermine stress. For example, the biometric component 320 can determinethat the skin moisture level of the customer 120 is increasing since thecommencement of the call. The biometric component 320 can compare thechange to a threshold change to determine distress in the customer 120.

FIG. 4 illustrates an example component diagram of a security component240. The security component 240 includes a selection component 410. Theselection component 240 can contact or organize contact with a user. Theselection component 240 can arrange contact with the user based on thedetection of distress of the customer 120. In some embodiments, theselection component 240 determines the user from a plurality of users tocontact.

In some embodiments, the selection component 240 can determine or traina selection model for determining which user to contact upon detectingdistress of the customer 120. The selection model can be trained toselect the user according to different constraints. For example, theselection component 410 can select the user based on availability, timeof day, day of week, distance, schedule, calendar entry, social mediastatus, demographic of the customer 120, other customer information,and/or the like. For example, the selection model can determine acompetency level of the customer 120. The competency level of thecustomer 120 can be based on demographic information of the customer 120and/or other customer information. For example, the selection model candetermine a lower competency level for a customer 120 that has an agehigher than 90 years old. The selection component 410 via the selectionmodel can factor in the competency level of the customer 120 to selectthe user based on the competency level. For example, the selectioncomponent 410 may select a law enforcement officer as the user tocontact for the customer 120 with a lower competency level. Theselection component 410 can determine a different user to contact basedon a higher determined competency level of the customer 120. Forexample, the selection component 410 can select a neighbor as the userto assist the customer 120 instead of a law enforcement officer.

The security component 240 includes an implementation component 420. Theimplementation component 420 can contact the user via a user device 150.The implementation component 420 can generate and send a notification tothe user device 150, implement a call to the user device 150, and/or thelike. For example, the implementation component 420 can send a pushnotification to the user device 150. The notification can includeinstructions for the user to contact the customer 120. The notificationreveals the sign(s) of distress of the customer 120. In someembodiments, the implementation component 420 can pause or hold the spamrisk call and place a call to the user device 150. In some embodiments,the implementation component 420 can implement further security controlsonto the spam risk call. The security controls can automatically mutethe customer 120 and/or the spam caller 110, an audio or video interruptprompt via the customer device 130, a forced disconnect of the spam riskcall, an automated transfer of the spam risk call to the user,automatically teleconferencing the user to join the user to the spamrisk call, and/or the like. For example, the implementation component420 can connect the user via the user device 150 to the customer device130 such that the user joins the spam risk call and provide assistanceto the customer 120.

In some embodiments, the implementation component 420 can performfurther security controls. The implementation component 420 can contacta financial institution, block transactions to a financial account, locka financial account of the customer 120, trigger identity monitoring,freeze credit score, determine a credit report, and/or the like. Forexample, the implementation component 420 can interface with a financialinstitution to prevent transactions for a period during and/or after thespam risk call.

In view of the example systems described above, methods that can beimplemented in accordance with the disclosed subject matter will bebetter appreciated with reference to the flow chart diagram of FIG. 5 .While, for purposes of simplicity of explanation, the methods show anddescribe a series of blocks, it is to be understood and appreciated thatthe disclosed subject matter is not limited by the order of the blocks,as some blocks can occur in different orders or concurrently with otherblocks from what is depicted and described herein. Moreover, not allillustrated blocks may be required to implement the methods describedhereinafter. Further, each block or combination of blocks can beimplemented by computer program instructions that can be provided to aprocessor to produce a machine, such that the instructions executing onthe processor create a means for implementing functions specified by aflow chart block. It is also appreciated that the method 500 isdescribed in conjunction with a specific example for explanationpurposes.

FIG. 5 illustrates a method 500 for customer distress assistance. At510, a call can be received to a customer device 120 from a spam caller110. For example, the scammer can place a call to the customer 120 ontheir customer device 120. At 520, the call can be determined to be aspam risk call. The call manager 140 can analyze the conversation duringthe call to determine if it is a spam risk call. At 530, monitoring ofthe customer 120 can be triggered. The call manager 140 can beginmonitoring biometrics and/or speech of the customer 120 based on thedetermination of the spam risk call.

At 540, distress of the customer 120 can be determined. The call manager140 can analyze the biometrics of the customer 120 to determine abnormalcharacteristics that are indicative of distress. At 550, a userassociated with the customer can be selected. The call manager 140 candetermine a most appropriate user associated with the customer, such asa friend, neighbor, medical professional, law enforcement officer,and/or the like. At 560, the user is contacted to assist the customer120. The call manager 140 can send a notification or place a call to theuser to assist the customer 120 that is in distress.

The terms “caller” and “callee” have been utilized herein torespectively refer to a person who initiates a phone call and a personwho receives the phone call. Further, a callee has been referred to as acustomer, wherein the person is a customer of a distress mitigationsystem or service or a customer of an entity that provides suchfunctionality (e.g., a financial institution). One scenario involves acaller being a fraudster or spammer who targets a callee for fraud orunsolicited commercial messages. In other words, the caller can causethe callee distress by seeking to defraud the callee in some mannerincluding unsolicited sales calls. However, the caller need not causedistress. In fact, the distress can be due to circumstances that areindependent of fraudsters or spammers. For example, the distress can bea result of a death in the family or financial trouble. In thisscenario, the caller is the person that is distressed and seeking towork with a financial institution or other person or entity to address asituation. Aspects of the disclosure pertaining to mitigating distresscan also be employed in this situation as well.

As used herein, the terms “component” and “system,” as well as variousforms thereof (e.g., components, systems, sub-systems) are intended torefer to a computer-related entity, either hardware, a combination ofhardware and software, software, or software in execution. For example,a component may be, but is not limited to being, a process running on aprocessor, a processor, an object, an instance, an executable, a threadof execution, a program, and/or a computer. By way of illustration, bothan application running on a computer and the computer can be acomponent. One or more components may reside within a process and/orthread of execution, and a component may be localized on one computerand/or distributed between two or more computers.

The conjunction “or” as used in this description and appended claims isintended to mean an inclusive “or” rather than an exclusive “or,” unlessotherwise specified or clear from context. In other words, “‘X’ or ‘Y’”is intended to mean any inclusive permutations of “X” and “Y.” Forexample, if “‘A’ employs ‘X,’” “‘A employs ‘Y,’” or “‘A’ employs both‘X’ and ‘Y,’” then “‘A’ employs ‘X’ or ‘Y’” is satisfied under any ofthe foregoing instances.

Furthermore, to the extent that the terms “includes,” “contains,” “has,”“having” or variations in form thereof are used in either the detaileddescription or the claims, such terms are intended to be inclusive in amanner similar to the term “comprising” as “comprising” is interpretedwhen employed as a transitional word in a claim.

To provide a context for the disclosed subject matter, FIG. 6 , as wellas the following discussion, are intended to provide a brief, generaldescription of a suitable environment in which various aspects of thedisclosed subject matter can be implemented. The suitable environment,however, is solely an example and is not intended to suggest anylimitation on the scope of use or functionality.

While the above-disclosed system and methods can be described in thegeneral context of computer-executable instructions of a program thatruns on one or more computers, those skilled in the art will recognizethat aspects can also be implemented in combination with other programmodules or the like. Generally, program modules include routines,programs, components, data structures, among other things, that performparticular tasks and/or implement particular abstract data types.Moreover, those skilled in the art will appreciate that the abovesystems and methods can be practiced with various computer systemconfigurations, including single-processor, multi-processor ormulti-core processor computer systems, mini-computing devices, servercomputers, as well as personal computers, hand-held computing devices(e.g., personal digital assistant (PDA), smartphone, tablet, watch . . .), microprocessor-based or programmable consumer or industrialelectronics, and the like. Aspects can also be practiced in distributedcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. However, some,if not all aspects, of the disclosed subject matter can be practiced onstand-alone computers. In a distributed computing environment, programmodules may be located in one or both of local and remote memorydevices.

With reference to FIG. 6 , illustrated is an example computing device600 (e.g., desktop, laptop, tablet, watch, server, hand-held,programmable consumer or industrial electronics, set-top box, gamesystem, compute node . . . ). The computing device 600 includes one ormore processor(s) 610, memory 620, system bus 630, storage device(s)640, input device(s) 650, output device(s) 660, and communicationsconnection(s) 670. The system bus 630 communicatively couples at leastthe above system constituents. However, the computing device 600, in itssimplest form, can include one or more processors 610 coupled to memory620, wherein the one or more processors 610 execute various computerexecutable actions, instructions, and or components stored in the memory620.

The processor(s) 610 can be implemented with a general-purposeprocessor, a digital signal processor (DSP), an application specificintegrated circuit (ASIC), a field programmable gate array (FPGA) orother programmable logic device, discrete gate or transistor logic,discrete hardware components, or any combination thereof designed toperform the functions described herein. A general-purpose processor maybe a microprocessor, but in the alternative, the processor may be anyprocessor, controller, microcontroller, or state machine. Theprocessor(s) 610 may also be implemented as a combination of computingdevices, for example, a combination of a DSP and a microprocessor, aplurality of microprocessors, multi-core processors, one or moremicroprocessors in conjunction with a DSP core, or any other suchconfiguration. In one embodiment, the processor(s) 610 can be a graphicsprocessor unit (GPU) that performs calculations with respect to digitalimage processing and computer graphics.

The computing device 600 can include or otherwise interact with avariety of computer-readable media to facilitate control of thecomputing device to implement one or more aspects of the disclosedsubject matter. The computer-readable media can be any available mediaaccessible to the computing device 600 and includes volatile andnonvolatile media, and removable and non-removable media.Computer-readable media can comprise two distinct and mutually exclusivetypes, namely storage media and communication media.

Storage media includes volatile and nonvolatile, removable, andnon-removable media implemented in any method or technology for storageof information such as computer-readable instructions, data structures,program modules, or other data. Storage media includes storage devicessuch as memory devices (e.g., random access memory (RAM), read-onlymemory (ROM), electrically erasable programmable read-only memory(EEPROM) . . . ), magnetic storage devices (e.g., hard disk, floppydisk, cassettes, tape . . . ), optical disks (e.g., compact disk (CD),digital versatile disk (DVD) . . . ), and solid state devices (e.g.,solid state drive (SSD), flash memory drive (e.g., card, stick, keydrive . . . ) . . . ), or any other like mediums that store, as opposedto transmit or communicate, the desired information accessible by thecomputing device 600. Accordingly, storage media excludes modulated datasignals as well as that described with respect to communication media.

Communication media embodies computer-readable instructions, datastructures, program modules, or other data in a modulated data signalsuch as a carrier wave or other transport mechanism and includes anyinformation delivery media. The term “modulated data signal” means asignal that has one or more of its characteristics set or changed insuch a manner as to encode information in the signal. By way of example,and not limitation, communication media includes wired media such as awired network or direct-wired connection, and wireless media such asacoustic, radio frequency (RF), infrared, and other wireless media.

The memory 620 and storage device(s) 640 are examples ofcomputer-readable storage media. Depending on the configuration and typeof computing device, the memory 620 may be volatile (e.g., random accessmemory (RAM)), nonvolatile (e.g., read only memory (ROM), flash memory .. . ) or some combination of the two. By way of example, the basicinput/output system (BIOS), including basic routines to transferinformation between elements within the computing device 600, such asduring start-up, can be stored in nonvolatile memory, while volatilememory can act as external cache memory to facilitate processing by theprocessor(s) 610, among other things.

The storage device(s) 640 include removable/non-removable,volatile/nonvolatile storage media for storage of vast amounts of datarelative to the memory 620. For example, storage device(s) 640 include,but are not limited to, one or more devices such as a magnetic oroptical disk drive, floppy disk drive, flash memory, solid-state drive,or memory stick.

Memory 620 and storage device(s) 640 can include, or have storedtherein, operating system 680, one or more applications 686, one or moreprogram modules 684, and data 682. The operating system 680 acts tocontrol and allocate resources of the computing device 600. Applications686 include one or both of system and application software and canexploit management of resources by the operating system 680 throughprogram modules 684 and data 682 stored in the memory 620 and/or storagedevice(s) 640 to perform one or more actions. Accordingly, applications686 can turn a general-purpose computer 600 into a specialized machinein accordance with the logic provided thereby.

All or portions of the disclosed subject matter can be implemented usingstandard programming and/or engineering techniques to produce software,firmware, hardware, or any combination thereof to control the computingdevice 600 to realize the disclosed functionality. By way of example andnot limitation, all or portions of the call manager 140 can be, or formpart of, the application 686, and include one or more modules 684 anddata 682 stored in memory and/or storage device(s) 640 whosefunctionality can be realized when executed by one or more processor(s)610.

In accordance with one particular embodiment, the processor(s) 610 cancorrespond to a system on a chip (SOC) or like architecture including,or in other words integrating, both hardware and software on a singleintegrated circuit substrate. Here, the processor(s) 610 can include oneor more processors as well as memory at least similar to theprocessor(s) 610 and memory 620, among other things. Conventionalprocessors include a minimal amount of hardware and software and relyextensively on external hardware and software. By contrast, an SOCimplementation of a processor is more powerful, as it embeds hardwareand software therein that enable particular functionality with minimalor no reliance on external hardware and software. For example, the callmanager 140 and/or functionality associated therewith can be embeddedwithin hardware in a SOC architecture.

The input device(s) 650 and output device(s) 660 can be communicativelycoupled to the computing device 600. By way of example, the inputdevice(s) 650 can include a pointing device (e.g., mouse, trackball,stylus, pen, touchpad), keyboard, joystick, microphone, voice userinterface system, camera, motion sensor, and a global positioningsatellite (GPS) receiver and transmitter, among other things. The outputdevice(s) 660, by way of example, can correspond to a display device(e.g., liquid crystal display (LCD), light emitting diode (LED), plasma,organic light-emitting diode display (OLED)), speakers, voice userinterface system, printer, and vibration motor, among other things. Theinput device(s) 650 and output device(s) 660 can be connected to thecomputing device 600 by way of wired connection (e.g., bus), wirelessconnection (e.g., Wi-Fi, Bluetooth), or a combination thereof.

The computing device 600 can also include communication connection(s)670 to enable communication with at least a second computing device 602by means of a network 690. The communication connection(s) 670 caninclude wired or wireless communication mechanisms to support networkcommunication. The network 690 can correspond to a local area network(LAN) or a wide area network (WAN) such as the Internet. The secondcomputing device 602 can be another processor-based device with whichthe computing device 600 can interact. For example, the computing device600 can correspond to a server that executes functionality of the callmanager 140, and the second computing device 602 can be a user devicethat communicates and interacts with the computing device 600.

What has been described above includes examples of aspects of theclaimed subject matter. It is, of course, not possible to describe everyconceivable combination of components or methodologies for purposes ofdescribing the claimed subject matter, but one of ordinary skill in theart may recognize that many further combinations and permutations of thedisclosed subject matter are possible. Accordingly, the disclosedsubject matter is intended to embrace all such alterations,modifications, and variations that fall within the spirit and scope ofthe appended claims.

What is claimed is:
 1. A system, comprising: a processor coupled to amemory that includes instructions that, when executed by the processor,cause the processor to: detect an incoming phone call; analyze theincoming phone call between a caller and a callee in real time withconversation analysis; classify the incoming phone call as a fraud riskbased on the conversational analysis; trigger monitoring of a physicalmetric of the callee based on the classification of the fraud risk;compare the physical metric to a reference physical metric to determinea divergence between the physical metric and the reference physicalmetric; detect a sign of distress of the callee based on the divergence;select an individual associated with the callee after detection of thesign of distress, wherein the individual is selected based ondetermining availability of a set of individuals; and send anotification in real time to the individual associated with the callee,wherein the notification reveals the sign of distress to the callee. 2.The system of claim 1, wherein the instructions further cause theprocessor to collect biometric data from a sensor to monitor thephysical metric.
 3. The system of claim 1, wherein the instructionsfurther cause the processor to invoke a conversational model trained torecognize problem words and phrases with natural language processing toclassify the phone call as a fraud risk.
 4. The system of claim 1,wherein the instructions further cause the processor to: detect thecaller is originating from a blocklist source; and classify the incomingphone call as a fraud risk.
 5. The system of claim 1, wherein theinstructions further cause the processor to access contact informationof the individual; and automatically join the individual to the phonecall.
 6. The system of claim 1, wherein the instructions further causethe processor to activate a security control for the phone call that isa fraud risk, wherein the security control is one of mute, interruptprompt, forced disconnect, or automated transfer of the phone call tothe individual.
 7. The system of claim 1, wherein the instructionsfurther cause the processor to access social media data of theindividual to determine availability.
 8. The system of claim 1, whereinthe instructions further cause the processor to collect biometric datafrom a wearable device to monitor the physical metric.
 9. A method,comprising: executing, on a processor, instructions that cause theprocessor to perform operations, the operations comprising: detecting anincoming call; analyzing a conversation between a caller and a callee inreal time with conversation analysis; classifying the incoming call as afraud risk to a callee based on the conversation analysis; triggeringmonitoring of a physical metric of the callee in response toclassification of the incoming call as a fraud risk; comparing thephysical metric to a reference physical metric to determine a divergencebetween the physical metric and the reference physical metric; detectinga sign of distress of the callee based on the divergence; selecting anindividual associated with the callee after detection of the sign ofdistress, wherein the individual is selected from a set of availableindividuals associated with the callee; and transmitting a notificationin real time to a selected individual that reveals the sign of distressof the callee.
 10. The method of claim 9, wherein the monitoringcomprises collecting biometric data from the callee from a sensor. 11.The method of claim 10, further comprising collecting the biometric datafrom a sensor of a wearable device.
 12. The method of claim 9, whereinanalyzing the conversation comprises invoking a conversational modeltrained to recognize problem words and phrases with natural languageprocessing to classify the call as a fraud risk.
 13. The method of claim9, wherein the operations further comprise: detecting the incoming calloriginates from a source that is on a blocklist of known fraudulentcallers; and classifying the incoming call as fraudulent.
 14. The methodof claim 9, wherein the operations further comprise determiningavailability of an individual based on social media data of theindividual.
 15. The method of claim 9, wherein the operations furthercomprise: accessing contact information of the individual that isselected; and joining the individual to the call with the caller andcallee.
 16. The method of claim 9, wherein the operations furthercomprise activating a security control for the callee that blockstransactions to a financial account of the callee.
 17. A method ofdistress assistance, comprising: detecting an incoming call with a callmanager executing on a computing device; analyzing a conversationbetween a caller and callee in near real time; classifying the incomingcall as a spam risk based on conversation analysis; automaticallytriggering, by the call manager, monitoring of a physical metric of thecallee based on the classification of the spam risk; detecting distressof the callee based on divergence of the physical metric of the calleefrom a reference physical metric; selecting an individual associatedwith the callee in response to detecting the distress, wherein theindividual is selected based on determining availability of a set ofindividuals; and sending a notification of the distress of the callee innear-real time to a selected individual.
 18. The method of claim 17,analyzing the conversation further comprising: monitoring a voicecharacteristic of the callee; comparing the voice characteristic of thecallee to a voice profile characteristic of the callee; detecting adistress sentiment based on determining a difference between the voicecharacteristic and the voice profile characteristic; and identifyingdistress of the callee based on the distress sentiment.
 19. The methodof claim 17, further comprising: pausing the conversation between thecaller and the callee; and calling the individual selected to provideassistance to the callee.
 20. The method of claim 17, further comprisingactivating a security control to at least one of mute, interrupt prompt,or forced disconnect of the call in response to classification as a spamrisk.